[scponly] new patch: makes rsync work
Kaleb Pederson
kibab at icehouse.net
Tue Oct 31 02:08:29 EST 2006
Péter,
Thanks for contributing.
Although this should work, I would prefer to only explicitely allow the ones
that we know safe -- in this case '--server' and '--sender'. Using
getopt_long we could have a list of allowed args that we could validate in
its entirety. Thus, if rsync or any other program comes out with a new
command line option, we wouldn't be vulnerable.
I had mostly finished this up a couple of months ago... but circumstances
haven't permitted me to finish it up :(
Basically, it just employed the concept shown up in the getopt_long manpage:
// make an array
static struct option allowed_long_opts[] = {
{"server", 1, 0, 'k'},
{"sender", 0, 0, 'k'},
{0,0,0,0}
};
c = getopt_long (argc, argv, OPTS_FOR_CMD_IN_USE,
allowed_long_opts, NULL);
if ('k' == c || other allowed shortopt)...;
Anyway, you obviously got around to it first -- and something is much better
than nothing... so thank you.
Hopefully with some other feedback we can end up with the best all-around
solution.
--Kaleb
On Sunday 29 October 2006 2:38 am, Péter Szabó wrote:
> Dear scponly Developers,
>
> We have prepared a patch to scponly-4.3. The patch makes it possible to
> use rsync with scponly. Before this patch scponly refused the ``rsync
> --server'' option with this message in syslog:
>
> option e is not permitted for use with /usr/bin/rsync (arg was rver)
> requested command (/usr/bin/rsync --server --sender -vlogDtprz . v)
> tried to use disallowed argument
>
> Get the patch from
>
> http://www.szszi.hu/~pts/scponly/pts-scponly-4.3-rsync.patch
>
> What do I have to do in order to get the patch integrated to scponly?
>
> Best regards,
>
> Péter Szabó
> free software consultant
> Free Software Institute, Hungary
>
>
>
>
>
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly
More information about the scponly
mailing list